Product detail

Affected product: Racktables
Affected version: 0.22.0
Affected component: search

A reflected Cross-Site Scripting (XSS) vulnerability in Racktables versions <= 0.22.0, located in the 'search' component at '/index.php?page=search', allows an attacker who gets a victim to open a crafted search link to run script in the victim's browser and capture the victim's session cookie.

Install Racktables from the official Racktables GitHub repository.

Racktables repository

The latest Racktables release is 0.22.0.

Installed Racktables version: 0.22.0

1. Submit a search whose term contains an XSS payload that reads the cookie; this works because the session cookie is not set with the HttpOnly flag.

The victim's session cookie is obtained.
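As a defender-side verification aid (added here; not part of the advisory and not Racktables' own code), the following script takes an HTTP response to a search for a harmless probe string and checks the two conditions the report relies on: the search term being reflected without HTML escaping, and the session cookie being set without HttpOnly. The cookie name PHPSESSID is an assumption (PHP's default) and the sample responses are constructed.

```python
from html import escape
from http.cookies import SimpleCookie

# Constructed probe string: a harmless marker containing angle brackets so that
# escaped and unescaped reflection can be told apart in the response body.
PROBE = "rtprobe<x>"

def reflection_status(body, probe=PROBE):
    """Classify how the probe came back: 'unescaped', 'escaped' or 'absent'."""
    if probe in body:
        return "unescaped"   # raw '<' and '>' reached the HTML: an XSS sink
    if escape(probe) in body:
        return "escaped"     # htmlspecialchars-style encoding was applied
    return "absent"

def session_cookie_flags(set_cookie_headers, name="PHPSESSID"):
    """Return the HttpOnly/Secure state of the named cookie, or None if it is not set."""
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        if name in jar:
            morsel = jar[name]
            return {"httponly": bool(morsel["httponly"]), "secure": bool(morsel["secure"])}
    return None

def assess(response, probe=PROBE, cookie_name="PHPSESSID"):
    """Combine both checks into a list of findings for one search-page response."""
    findings = []
    if reflection_status(response["body"], probe) == "unescaped":
        findings.append("search term reflected without HTML escaping")
    flags = session_cookie_flags(response["set_cookie"], cookie_name)
    if flags is not None and not flags["httponly"]:
        findings.append("session cookie lacks HttpOnly")
    return findings

# Constructed sample responses (not captured from a real server).
VULNERABLE = {
    "set_cookie": ["PHPSESSID=abc123; path=/"],
    "body": '<html><body>Search results for "rtprobe<x>"</body></html>',
}
FIXED = {
    "set_cookie": ["PHPSESSID=abc123; path=/; HttpOnly; Secure"],
    "body": '<html><body>Search results for "rtprobe&lt;x&gt;"</body></html>',
}

if __name__ == "__main__":
    print(assess(VULNERABLE))  # both findings
    print(assess(FIXED))       # []
```

An empty findings list for the fixed response means both the output encoding and the cookie flag are in place.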